tl;dr
A cyberattack has exposed 240,000 customers of SRP Federal Credit Union in South Carolina. The breach occurred between September 5th and November 4th, 2024, with hackers potentially acquiring Social Security numbers, driver’s license numbers, dates of birth, financial information, and credit or debi...
A cyberattack has exposed 240,000 customers of SRP Federal Credit Union in South Carolina. The breach occurred between September 5th and November 4th, 2024, with hackers potentially acquiring Social Security numbers, driver’s license numbers, dates of birth, financial information, and credit or debit card numbers.
The well-known ransomware group Nitrogen claimed responsibility for the attack, stating that they exfiltrated 650 GB of customer data, including full names, addresses, and credit ratings. Although Nitrogen claimed it was a ransomware attack, SRP has not confirmed this and stated that the hack did not impact its online banking or core processing systems.
The incident is under investigation, with law firms looking into claims from affected customers. SRP Federal Credit Union, one of the largest in the state with over $1.6 billion in assets as of 2022, filed breach notifications with regulators in Maine and Texas on December 13th. A law enforcement investigation discovered hackers had accessed the bank’s internal systems multiple times between September 5th and November 4th, 2024.
While SRP hasn’t publicly stated what specific information was stolen from them, the credit union told Texas regulators that Social Security numbers, driver’s license numbers, dates of birth, and financial information like account numbers as well as credit or debit card numbers are compromised. According to cyber security management and threat analysis firm Hackmanac, a well-known ransomware group called Nitrogen took credit for the attack, which claimed to also have customers’ full names and credit ratings.
Despite Nitrogen’s claims, SRP has not said whether it was a ransomware attack, and reportedly told regulators that the hack didn’t impact its online banking system or core processing systems. Several law firms are now investigating claims from SRP customers in regard to the breach.
Image Source: Hackmanac/X